31 Dec 2015
As you may know, I care a lot about Internet privacy. The main tool for privacy is encryption, hiding your communications from potential spies. But that's not enough. We also need to deal with web privacy, the tracking of your web browsing by advertisers using cookies. And we need to minimize the "metadata" that your devices disclose when you are connecting to the Internet. I work in the Windows networking team at Microsoft, and I had a chance to work specifically on this metadata problem, helping the team implement "MAC Address Randomization."
You may have heard of systems that track your movements by tracking the Wi-Fi hardware address of your phone or your laptop – the address also known as "MAC Address." Windows 10 includes protection against that. It implements a form of MAC Address Randomization. The randomization function can be controlled through the settings application. You will first have to go to the Wi-Fi page in the settings UI, and if you scroll to the bottom of the page you will see two options:
If you click the "Manage Wi-Fi Settings" link, you will get to a page that control all the "global" options for the Wi-Fi interface. MAC Address Randomization is one of these options. If your hardware is capable of supporting MAC Address randomization, the page will look like that:
The feature is supported on the recent hardware. If your hardware does not support randomization, the UI will of course not present the option. If randomization is supported, switch the toggle to turn the feature ON or OFF.
On the phone, the UI is slightly different. You will need to click the "Manage" button at the bottom of the Wi-Fi page to get to the manage settings page, but the logic is the same.
If the option is turned ON, your phone or laptop will start using random MAC Addresses when "roaming" between connections. Normally, when your device is not connected, it will wake up every minute or two, and try finding if there is a Wi-Fi network available in the vicinity. For that, it will send "probes." In the absence of randomization, these probes are sent from a constant or "permanent" MAC address that uniquely identifies your device. Trackers listen to these probes, for example in some shopping malls, department stores, or other public areas. When randomization is turned on, the system sends these probes from a random MAC Address. This defeats a large part of the "Wi-Fi" tracking currently going on.
Eventually, you will want to connect to Wi-Fi network. At this point, the system acts differently if it is the first connection to a new network, or if you already connected to that same network in the past. If this is a new network and randomization is ON, the system will pick a random MAC Address for that network, and use it for the new connection. If randomization is OFF, the system use the permanent MAC Address embedded in the hardware. For repeated connections, by default, the system will keep using the same MAC Address that it used on the first connection, random if randomization was ON for the first connection, permanent if randomization was OFF.
There are networks for which you care more about usability and management, and you should keep using the permanent MAC address there. A classic example are corporate networks, in which IT managers want to precisely track who is connecting. Another example are some home networks, in which an overactive owner decided to turn on the "MAC Address Filtering" feature. You should turn MAC Address randomization OFF before connecting to such networks. You can turn randomization back ON after the first connection is complete. The system will remember to use the permanent MAC Address for these networks.
Even when randomization is ON, the system will by default use the same random MAC Address each time you return to the same Wi-Fi network. This design attempts to balance privacy and usability. Suppose for example that you are travelling and that you connected to the hotel's Wi-Fi. On your first connection, you will probably have to fill up a web form to get authorized. The hotel's Wi-Fi will then remember the MAC address of your device, and let it connect. If the system kept changing the MAC Address of your Wi-Fi interface, you would have to fill that form again each time you reconnect, and that would be fairly annoying. But if you keep using the same random MAC address for each connection, the network will recognize you, and you will not have to fill a form, or, in the worst case, pay again for the connection.
Of course, if you go to a different Wi-Fi network, the system will pick a new random MAC address for each of these networks. Each network knows that the same person is connecting again and again, but different networks cannot track that the same person is moving from the hotel to the airport or to a café. We believe that most people will be happy with that compromise, but if you are not, you can use the UI to change the setting. Suppose for example that you are coming every day to the same café, and that you don't like the idea that once the system picks a random MAC address for the café, observers could track it. Again, you will go to the WI-Fi UI and look at options at the bottom of the page. Instead of selecting the "manage Wi-Fi settings" option, you will select the "advanced options," and you will see the "per network" randomization option:
Selecting the drop box will unveils three possible settings:
On the phone, the UI is slightly different. In the "Manage Wi-Fi" UI, you will need to click on a network name to "edit" the network properties. At the bottom of the properties page, you will see the same control as described above, we the same choice between On, Off and "Change Daily."
The "On" setting is the default when randomization is turned on. The system picks a random MAC address and keeps using it for this network. The "Off" setting forces the system to use the permanent MAC address. The "Change daily" setting instructs the system to pick a different MAC address every day. This is the setting that you want to use if you are concerned about your privacy when you are regularly visiting the same place. Of course, if you chose the "change daily" option, you may have to fill a new web form every day when you connect. But that's your choice!